Lambda CloudWatch Log Retain Manager

October 31, 2018

As mentioned in Lambda@Edge CloudFront Debugging, it is very common to have services, applications, and worldwide CloudFront Edge Locations (especially Lambda@Edge) creating CloudWatch Log Groups in regions across the world. By default, new CloudWatch Log Groups have retention set to Never, which is never what I want.

I created a Lambda function that will search through all AWS regions and check the retention period of each CloudWatch Log Group. Any Log Group that has retention of Never will be changed to retention of 30 Days (configurable). I run this Lambda every 10 days via a scheduled CloudWatch rule. So far so good, keeping CloudWatch logs nice and tidy.
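One way to write such a sweep in Python with boto3, added here as an illustration and not the author's own function. The `RETENTION_DAYS` environment variable, the function names, and the use of EC2 `DescribeRegions` to list enabled regions are assumptions of this example.

```python
import os

# Assumed configuration knob for this example; 30 matches the post's default.
RETENTION_DAYS = int(os.environ.get("RETENTION_DAYS", "30"))


def groups_without_retention(logs_client):
    """Yield names of log groups set to never expire.

    DescribeLogGroups omits the retentionInDays key for those groups.
    """
    paginator = logs_client.get_paginator("describe_log_groups")
    for page in paginator.paginate():
        for group in page.get("logGroups", []):
            if "retentionInDays" not in group:
                yield group["logGroupName"]


def enforce_retention(regions, client_for, days=RETENTION_DAYS):
    """Apply `days` retention to never-expiring groups in each region.

    Groups that already have a retention period are left untouched.
    Returns (changed, errors): {region: [group names]}, {region: message}.
    """
    changed, errors = {}, {}
    for region in regions:
        try:
            logs = client_for(region)
            for name in list(groups_without_retention(logs)):
                logs.put_retention_policy(logGroupName=name, retentionInDays=days)
                changed.setdefault(region, []).append(name)
        except Exception as exc:  # one failing region must not stop the sweep
            errors[region] = str(exc)
    return changed, errors


def lambda_handler(event, context):
    import boto3  # imported here so the logic above can be exercised offline

    # DescribeRegions returns only regions enabled for the account.
    ec2 = boto3.client("ec2")
    regions = [r["RegionName"] for r in ec2.describe_regions()["Regions"]]
    changed, errors = enforce_retention(
        regions, lambda region: boto3.client("logs", region_name=region)
    )
    # The returned summary records which groups were modified on each run.
    return {"retentionInDays": RETENTION_DAYS, "changed": changed, "errors": errors}
```

The execution role for this example needs only `logs:DescribeLogGroups`, `logs:PutRetentionPolicy` and `ec2:DescribeRegions`.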